Method and arrangement for failure handling in a network

ABSTRACT

A method and arrangement for failure handling in a tree-structured communications network having interconnected edge nodes and switching nodes. VLANs may be established by using spanning trees to provide connectivity in case of a failure in the network. Emitters in the edge nodes periodically broadcast alive messages on the VLANs, and notifiers note the alive messages. A missing alive message indicates a failure on one of the VLANs, and the notifier broadcasts corresponding failure messages on the VLANs. When the alive messages are restored, the notifier broadcasts corresponding repair messages. If a notifier fails to note a failure, one of the edge nodes performs a similar function although somewhat slower.

TECHNICAL FIELD OF THE INVENTION

The present invention relates to failure handling in a tree structurenetwork.

DESCRIPTION OF RELATED ART

Networks, such as Ethernet networks, for exchanging information includenodes interconnected by links. A connection that is set up between apair of end nodes in the network can suddenly fail. Methods have beendeveloped to first detect the failing connection and then restore it.

“Spanning Tree Protocol” (STP) was the first resiliency method forEthernet, which was mainly developed for avoiding loops to avoidcirculation of broadcast messages. STP also provides path redundancy bythe activation of unused links. In case of link failure, a former backuplink is activated in order to reach the separated network segment. Theconstruction of the spanning tree begins with the election of the rootbridge among the bridges. The rest of the bridges calculate the shortestdistance to the root bridge. The port providing this shortest path tothe root bridge is the root port. The bridges exchange spanning treecontrol information in Bridge Protocol Data Unit (BPDU) messages. Themain drawback of STP is its slow convergence. The failover time is inthe order of ten seconds, typically from 30 to 60 seconds, and dependson the number of network devices. A further drawback of STP is that itis hardly controllable. That is, the first tree can be configured butthe tree formed after a failure is not predictable.

“Rapid Spanning Tree Protocol” (RSTP) was the next step in the evolutionof Ethernet resiliency protocols. It keeps the terminology and most ofthe parameters same as in STP. The most important difference to STP isthat the number of possible operational states of ports is reduced fromfive to three states. Furthermore, message handling in a port does notdepend on the role it plays in the spanning tree. BPDUs remained in thesame format, just a few changes were introduced, i.e. all bits of theflag byte are used. One of the drawbacks of STP is that non-root bridgesonly generate BPDUs when a BPDU arrives on their root port. As opposedto this, in RSTP every bridge generates so-called hello BPDUs in apredefined time interval, e.g. in every 2 seconds. Furthermore, a fasteraging is applied for protocol information, i.e. it is immediately agedout if hellos are not received in three consecutive hello periods. ThusBPDUs are used as a keep-alive mechanism between bridges, which makesthe recovery faster. The convergence time of RSTP is reduced to theorder of seconds so it is still not applicable in carrier gradenetworks.

EtheReal is a protocol that also aims to provide fast spanning treereconfiguration and fault detection. The failure detection mechanism ofEtheReal uses periodic hello messages between neighbours to indicatethat the source of the message is alive. If consecutive hello messagesfail to arrive then it is assumed that the connection has broken downand the construction of a new spanning tree begins. In EtheReal, all theconnections going through the failed link are terminated and arere-established after a new spanning tree is rebuilt. The main drawbackof EtheReal is that standard Ethernet switches do not support it whileall network nodes have to be EtheReal aware for proper operation.Furthermore, it cannot be as fast as an architecture using precalculatedspanning trees.

Failure detection could also be based on the recently developed“Bidirectional Forwarding Detection” (BFD) protocol. BFD was firstdeveloped for checking connectivity between neighbours and it was laterextended to a protocol “BFD for multihop paths”. However, BFD has notbeen developed for Ethernet yet. Furthermore, a point-to-point BFD wouldneed to be run between each edge nodes of the network to detect allpossible link failures, which may load the network too excessively.

With the spreading use of Virtual LANs (VLAN) it become obvious that theexisting standard was not adequate as the same STP instance does notsuit for all VLANs. Therefore, “Multiple Spanning Tree Protocol” (MSTP)was developed by IEEE. MSTP merges the best features of RSTP and VLAN.

The main improvement introduced by MSTP is that several VLANs can beassigned to a single spanning tree instance.

These instances are independent of each other if there are more thanone. The maximum number of spanning tree instances depends on theEthernet switches; it can even reach a thousand instances. Thus, MSTPreduces the number of spanning tree instances required to support alarge number of VLANs. Furthermore, load balancing is also possible withMSTP by providing multiple paths. In addition to this, the division ofan Ethernet network into regions is also possible, which makes largenetworks more tractable by reducing the size of the spanning trees. ThusMSTP scales better than its ancestors but its convergence is not betterthan that of RSTP.

The properties of MSTP raise the idea of a fault tolerant approach thatis based on MSTP. This idea is also applied in Viking system, where,spanning trees are constructed such that there are at least twoswitching paths for any end-node pair in two different spanning trees,which do not share intermediate links or nodes. Each spanning treeinstance corresponds to a particular VLAN, thus explicit selection of aVLAN results in implicit selection of a spanning tree. In case offailures end-nodes have to change the VLAN in order to select analternate path. The failure detection is based on the support providedby network switches. Each switch in the network is configured to sendSNMP traps to the Central Manager in case of failures. Even though thismethod relies on standard Ethernet switches, it requires a faultmanagement centre, which is not cost efficient and which slows down thefailover procedure. The Central Manager is a central server, which isresponsible for the overall operation of the network including faulthandling. After failure notification, the central server finds out whichVLANs are affected and informs the end-nodes about the necessaryreconfiguration in order to use the backup VLAN. Each of the end-nodeshas to run a client module, which is responsible for VLAN selectionduring operation. Clients also invoke load measurements of which resultsare sent periodically to the Central Manager. Thus, there is a centrallyco-ordinated traffic management using the constructed spanning trees.The failover time provided by this system is slightly below a second.

SUMMARY OF THE INVENTION

A main problem with the above-mentioned technology of today in networkfailure handling is that today's methods are too slow. These methodshave a failure detection time in the order of a second and more, whichis unacceptable for real time applications.

Another problem is that many of the above-mentioned today's methods willcause a heavy traffic load in the networks.

Still a problem is that some of the today's methods are not standardcompliant with e.g. Ethernet switches.

A further problem is that some methods are not robust enough, e.g.systems whose fault handling is centrally managed.

Still another problem is that some fault detection systems areapplicable only on point-to-point connections and not on the breakdownof a spanning tree.

In brief the problems are solved in the following manner. In a networkwith a number of nodes there are configured virtual local area networks,VLANs, each VLAN connecting predetermined ones of the nodes. Broadcastalive messages are sent at regular intervals to check whether the VLANsare alive. The nodes register whether the alive messages arrive, andwhen an expected message is missing a broadcast notification is sent toother ones of the nodes. After this notification these nodes will knowwhich of the VLANs that are unusable at the moment.

Somewhat more in detail the problems are solved in the following manner.Multiple of the VLANs are used and the topologies of the VLANs areconfigured such that at least one of the VLANs remains, which VLANprovides connectivity in case of any single failure in the network. Anumber of the network nodes are edge nodes and some of the edge nodesare dedicated to broadcast the alive messages regularly on the VLANs.The edge nodes listen to these messages on the different VLANs. If oneof the listening nodes will miss an expected one of the alive messageson one of the VLANs, the node indicates that the actual VLAN is unusableat the moment by broadcasting a notification message to the other edgenodes on the VLANs.

A purpose with the present invention is to provide fast failure handlingin a network.

Another purpose is that the handling will only slightly increase thetraffic load in the network.

A further purpose is that the handling can be made compliant withpresent standards.

Still another purpose is that the handling will be robust and simple inoperation.

A purpose is also that the handling will be applicable on networks withspanning trees.

A main advantage with the inventive failure handling is that it is fast.

Another advantage is that the inventive failure handling is simple andwill only slightly increase the traffic load in the network.

A further advantage is that the inventive failure handling can be madecompliant with present standards and standard internal nodes.

Still an advantage is that the inventive failure handling is distributedin the network, which contributes to that it will be robust andreliable.

Still another advantage is that the inventive failure handling isapplicable on spanning trees in networks.

Advantages are also that the inventive failure handling will use only afew messages which are of only a few different types.

The invention will now be described more in detail with the aid ofembodiments and with reference to the following figures.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 a shows an overview of a network with a set of failure handlingmessages;

FIG. 1 b shows the network with an alternative set of failure handlingmessages;

FIGS. 2 a, b, c and d show time diagrams for failure handling in thenetwork;

FIGS. 3 a, b, c and d show time diagrams for an alternative failurehandling in the network;

FIGS. 4, 5 and 6 show each a flow chart for failure handling in thenetwork;

FIGS. 7 a and b show each a block diagram over an emitter node in thenetwork;

FIGS. 8 a and b show each a block diagram over a notifier node in thenetwork; and

FIGS. 9 a and b show each a block diagram over a node with no specialrole in the network.

DETAILED DESCRIPTION OF EMBODIMENTS

In FIG. 1 a is shown an example of a simple Ethernet network NW1 inconnection with which the present failure handling will be described. Inthe network four switching nodes SW1, SW2, SW3 and SW4 are shown andalso four edge nodes EN1, EN2, EN3 and EN4 are shown. The nodes are allinterconnected by links, of which only one link L1 is shown to keep thefigure simple. The network NW1 shown in FIG. 1 a is just a simplifiedexample network for illustration. Naturally, the present invention canbe applied in wide networks having several internal nodes and edgenodes. The network NW1 has further nodes which are not shown in thefigure and a further part of the network is only hinted by a dash-dottedcontour line and a link C1. Three spanning trees are defined in theexample network NW1, a first spanning tree ST1 shown in continuous linesbetween the nodes, a second spanning tree ST2 in dashed lines and athird spanning tree ST3 in dotted lines. To each of the spanning treesST1, ST2, ST3 is assigned a virtual local area network VLAN1, VLAN2 andVLAN3 respectively. The network NW1 has the task to transport frames,exemplified by frames of a traffic message M1.

Also in FIG. 1 b the network NW1 is shown. The FIGS. 1 a and 1 b differin that they have failures in different places, as will be described indetail later.

In the network NW1, and similar networks, failures can araise thatprevent the frames of the traffic message M1 to reach their destination.It can be any type of failure, e.g. a failing switch or a failingconnection. For the functioning of the network it is essential that thefailure can be detected so that affected nodes can be notified and stoptheir sending of messages. Also, when the failure is repaired the nodesshall be notified to start sending again.

As mentioned above several state-of-the-art methods are available forsuch failure handling. They all suffer from different drawbacks such asthey are slow, they generate a heavy traffic load, are not standardcompliant or they are not robust enough.

In connection with FIGS. 1 a and 1 b it will be described an embodimentof failure handling, that will overcome the above drawbacks. It is adistributed failure handling mechanism for Ethernet architectures orother packet switched networks that apply tree-based forwarding and itprovides resiliency with the multiple spanning trees ST1, ST2 and ST3calculated in advance. All the spanning trees connect each of thenetwork nodes EN1 to EN4 and SW1 to SW4, they only differ in thecontained links as appear from the figure. The architecture includes thestandard Ethernet switches SW1 to SW4 that are available on the market.The extra functionalities that are needed for providing fault detectionand resiliency are implemented in the edge nodes EN1 to EN4 of theEthernet network NW1. In the present embodiment the edge nodes are IProuters. The multiple spanning trees ST1, ST2 and ST3 are applied forproviding protection switching, and the trees are implemented with thehelp of VLANs or the protocol MSTP. The spanning trees are static andare configured in the network such that there remains at least onecomplete spanning tree in the case of a single failure in any of thenetwork elements. One of the virtual LANs VLAN1, VLAN2 and VLAN3 isassigned to the respective one of the spanning trees, as mentioned.Traffic forwarding to the respective spanning tree can be controlledwith the help of VLAN IDs in the edge nodes EN1 to EN4. That is, in theembodiment protection switching becomes VLAN switching in the networkNW1. In the present description there is a one-to-one correspondencebetween the VLANs and the spanning trees. In the example network NW1shown in FIGS. 1 a and 1 b all the three spanning trees ST1, ST2, ST3are needed to make it possible to handle any single failure that canappear in the network.

In the case of a failure each of the edge nodes EN1 to EN4 need to stopforwarding frames, such as the frames of the traffic message M1, to theaffected spanning trees. Therefore, a protocol is needed for failuredetection and for informing all edge nodes about the identities of theVLAN:s which are affected by a specific failure. A failure handlingmethod will be described in the following. First an embodiment of thefailure handling will be described more broadly and then detailedexamples will be given in connection with the network NW1 in FIGS. 1 a,1 b, FIG. 2 and FIG. 3.

A new approach is proposed for the handling of faults in the networks.In the embodiment faults are handled with the aid of spanning trees inthe networks, such as the spanning trees ST1 to ST3 in the network NW1.The networks are, more generally spoken, packet switched networks wheretree topologies are used for traffic forwarding, e.g. Ethernet networks.In this new approach broadcast messages are utilized to check whetherone of the spanning trees is alive or not, to decrease traffic andprocessing load as much as possible. Therefore, some of the edge nodesare configured to send a broadcast message in each VLAN regularly. Allother nodes register the arrival of these messages and some nodes arededicated to promptly send broadcast notification about unusable VLANs,if needed in all VLANs. After the broadcasted notification, each edgenode will know which VLANs are unusable. The detailed operation offailure detection will be described in the following.

In the present embodiment three types of messages are used:

-   -   alive: These messages are broadcasted periodically according to        a predefined keep alive period KAP in each VLAN.    -   failure: These messages are broadcasted in each unaffected VLAN        when a failure is detected and contains the ID of the broken        VLAN.    -   repaired: These messages are broadcasted in at least the broken        VLAN and possibly in each VLAN, for the notification of the        failure reparation.

The edge nodes play one of the following roles:

-   -   emitter: An edge node which periodically broadcasts the alive        messages.    -   notifier: An edge node which broadcasts the failure messages        promptly when it detects failure and also broadcasts the        repaired messages when it detects failure reparation.

In an alternative some of the edge nodes are the abovementioned fastnotifier nodes, which promptly broadcast the failure messages. Anotherpart of the edge nodes are also notifiers but are somewhat slower andbroadcast the failure messages not promptly but within the same keepalive period KAP as it detects the failure.

-   -   no special role: An edge node which broadcasts the failure        message if it detects failure in one keep alive period and then        detects that the failure message is missing in the following        keep alive period. It is neither an emitter node, nor an        notifier node.

There are at least two emitter edge nodes in the network, whichperiodically broadcast alive messages in each VLAN according to the keepalive period. These messages are sent out within a short time, almostthe same time, in one VLAN after the other. Thus, alive messages have toarrive within a short—topology dependent—interval called detectioninterval, to each edge node in all VLANs. Edge nodes have to observe thearrival of messages, for example they maintain a table where the arrivalof alive messages is marked. A timer is started when the first messagearrived. If the arrival of one or more alive messages is not marked inthe table within the detection interval then the corresponding VLANs areconsidered as broken. Note that as many alive messages are expected ineach of the VLANs as there are emitter nodes in the network. All edgenodes supervise the arriving of alive messages. There are a few notifieredge nodes, which broadcast a failure message after detecting a failurein each VLAN, which contains the ID of the broken VLAN or VLANs. Eachedge node receives failure messages so all of them will be notifiedabout the failure. The number of nodes that broadcast notificationmessages is limited in order to avoid too large traffic load after afailure. However, the network should be prepared for the case whennotifiers cannot notify the others about the failure. Therefore, if anedge node, which is neither notifier nor emitter, detects a failurebased on the missing arrival of an alive message and it does not receivethe expected failure notification before the end of the next detectioninterval then this node broadcasts a failure message as well. Theemitter nodes always broadcast the alive messages in all VLANs even if afailure is detected before. If the failure is repaired then the edgenode that detected the failure will also detect the reparation becauseit receives again the formerly missing alive messages. Thus, the edgenode can notify the others by broadcasting a repaired message to theothers, which contains the ID of the repaired VLAN so traffic can besent to it again. The edge node that sends repaired message can eitherbe a notifier or other edge node that detected the failure. Anotherpossibility to avoid high traffic load after failure is that the networkhas the emitter and fast notifiers as above but the other edge nodes arethe slow notifier nodes. They broadcast the failure message faster thanthe nodes with no special role but not as promptly as the fast notifiernodes.

The above more broadly described embodiment of failure handling in anetwork will now be described in detail for the network NW1 inconnection with the accompanying figures. In the example the node EN3 isone of the emitters, the node EN2 is one of the notifiers and the nodesEN1 and EN4 are of the other type having no special role.

FIG. 2 shows the situation when the notifier node EN2, notes a failureand sends a failure message. In the example the failure is that theconnection between the nodes EN3 and SW3 is down for the spanning treeST2. The failure is marked in FIG. 1 a by an X and is referenced by CD1.

FIGS. 2 a, b, c, d are time diagrams with the time referenced by T. FIG.2 a shows that the emitter node EN3 transmits alive messages A1, A2 andA3 for the spanning trees ST1, ST2 and ST3 on the respective VLANsVLAN1, VLAN2 and VLAN3. These messages are also denoted in FIG. 1 a. Thealive messages are broadcasted within a very short period of time TI,almost the same moment, and are repeated periodically at the beginningof every keep alive period referenced KAP. In the uppermost part of thealive messages is denoted by the numbers 1, 2 and 3 on which of theVLANs the messages are broadcasted. In the middle the message type isdenoted, in FIG. 2 a an alive message, and at the lower part is denotedwhich of the VLANs the message concerns. It should be noted that thetime interval TI is much shorter than the detection interval DI and muchshorter than can be supposed from the FIG. 2 a.

FIG. 2 b shows that the notifier node EN2 receives the alive messagesA1, A2, A3 in the detection intervals DI. The receiving is shifted asmall amount of time AT1 due to a signal run time in the network. In thetwo first of the detection intervals DI all the alive messages arereceived but in the third detection interval only the alive messages A1and A3 are received due to the failure CD1. The notifier node EN2 nownotifies, via the VLAN VLAN2, that there is a failure in the spanningtree ST2.

FIG. 2 c shows that the notifier node EN2 sends failure messages F1 andF3 immediately after the third detection interval. In the uppermost partof the messages is denoted the identity, 1 respective 3, for the VLANson which the messages arrived. In the middle the type of message,failure, is denoted. At the lower part is denoted which of the VLAN:sthe message concerns, in the example VLAN2. As appears from FIG. 2 bthat the failure is repaired immediately and the notifier node EN2receives all the alive messages A1, A2, A3 in the fourth of thedetection intervals DI. The notifier node EN2 therefore sends repairmessages R1, R2 and R3 on the VLAN:s VLAN1, VLAN2 and VLAN3. In theexample the repair messages are sent one keep alive period after thefailure messages to inform that VLAN2 works again and the spanning treeST2 is fully in duty. In an alternative the notifier node EN2 sends onlythe repair message R2 on the repaired VLAN VLAN2. This is not shown inthe figure. The advantage with this embodiment is a lower traffic loadcaused by the failure handling.

FIG. 2 d shows the messages which the other nodes EN1 and EN4 receive.In the first two detection intervals the nodes receive the alivemessages A1, A2, A3. The receiving is shifted still a small amount oftime AT2. In the third detection interval the nodes receive only thealive messages A1 and A3 and within the same keep alive period KAP theyreceive the failure messages F1 and F3. In the following keep aliveperiod the nodes EN1 and EN4 receive all the alive messages A1, A2, A3and also the repair messages R1, R2 and R3. In this way the other nodesare notified via the VLANs VLAN1, VLAN2 and VLAN3 when a failure hasarised in one of the spanning trees SP1, SP2 or SP3 and when the failureis repaired so that all the spanning trees are fully in duty.

FIG. 3 shows the situation when it is one of the other nodes with nospecial role, node EN4 in the network NW1, that notes a failure andsends a failure message. In the example the failure is that theconnection between the nodes SW1 and SW3 is down for the spanning treeST2. The failure is marked in FIG. 1 b by an X and is referenced by CD2.It is emphasized that it is the same network NW1 in both FIGS. 1 a and 1b.

FIGS. 3 a, b, c, d are time diagrams with the time referenced by T asabove. The diagrams for the different nodes are time shifted by periodsAT3 and AT4 respectively. FIG. 3 a shows that the emitter node EN3transmits the alive messages A1, A2 and A3 for the spanning trees ST1,ST2 and ST3 on the respective VLANs VLAN1, VLAN2 and VLAN3. These alivemessages are also denoted in FIG. 1 b. The messages are broadcasted asdescribed in FIG. 2 a and also the content of the messages is denoted asin this figure.

FIG. 3 b shows that the node EN4 receives all the alive messages A1, A2,A3 in the first of the detection intervals DI. In the second detectioninterval of the second keep alive period KAP only the alive messages A1and A3 are received due to the failure CD2. No failure message isreceived in the second keep alive period KAP. In the third detectioninterval the message A2 is still missing and no failure message isreceived before the end of this third detection inteval. Observe thatthe failure CD2 does not prevent the notifier node EN2 to receive allthe alive messages A1, A2 and A3, as can be understood from FIG. 1 b.

FIG. 3 c shows the actions of the node EN2. When it receives only thealive messages A1 and A3 in the second detection interval it waits forthe failure messages F1 and F3 as described in connection with FIG. 2 d.No failure message arrives, as described in FIG. 3 b. The node EN4therefore broadcasts the failure messages F1 and F3 in the third keepalive period KAP on the VLANs VLAN1 and VLAN3.

As appears from FIG. 3 b the failure CD2 was repaired during the end ofthe third keep alive period KAP and the node EN4 receives all the alivemessages A1, A2, A3 in the fourth detection interval. When it receivesall the alive messages also in the fifth detection interval the node EN4broadcasts the repair messages R1, R2, R3 in the fifth keep aliveperiod, as shown in FIG. 3 c.

FIG. 3 d shows what happens in the notifier node EN2. In the first twodetection intervals DI it receives all the alive messages A1, A2, A3.Also in the third detection interval DI it receives all the alivemessages but in the third keep alive period KAP it also receives thefailure messages F1 and F3. The node then stops to transmit messageframes of e.g. the traffic message M1 to the VLAN VLAN2. In the fourthdetection interval the node EN2 still receives all the alive messagesjust as in the fifth detection interval. In the fifth keep alive periodthe notifier node EN2 receives the repair messags R1, R2, R3 and canstart again to transmit message frames of the traffic message M1 to theVLAN VLAN2.

When also the rest of the edge nodes of the network NW1 receive thefailure messages F1, F3 they stop to transmit the message frames, suchas the frames of the traffic message M1, on the failure reported VLAN,in the example VLAN2. When the repair message arrive the nodes start totransmit frames of the traffic message M1 again. It should be noted,however, that the emitter nodes always broadcast the alive messages A1,A2, A3 in all the VLANs even if they have received the failure messagebefore.

A further embodiment is shown briefly in FIG. 3. In this embodiment thenetwork NW1 has the node EN3 as one of the emitters and the node EN2 asone of the notifiers, as in the description above. The difference isthat the nodes EN1 and EN4 now have the role of the abovementioned slownotifiers instead of being the node with no special role. The slownotifiers have a larger detection interval than the fast notifiers, atmost as long as the keep alive period KAP. Thus failure detection can bedone in one single keep alive period. The slow notifier EN4 receives allthe alive messages A1, A2 and A3 in the first keep alive period but onlythe two alive messages A1 and A3 in the second keep alive period, asshown in FIG. 3 b. In FIG. 3 c is briefly shown in dashed lines that theslow notifier EN4 broadcasts the failure messages F1 and F3 in thesecond keep alive period. The failure messages are not sent promptly butat the end of the second keep alive period. This is slower than for theordinary notifier node EN2 in FIG. 2 c but faster than for the node withno special role. The repaired messages are sent from the slow notifiernode when all the alive messages appear again, which is not shown in thefigure. A network in which a minor part of the edge nodes are fastnotifiers and the rest of the edge nodes, except the emitters, are slownotifiers has the advantage that the failure detection becomes ratherfast for all failures and still the traffic load caused by the failuredetection is acceptably low.

As noted above all the emitter nodes of the network transmit the alivemessages for all the VLANs. All these alive messages are expected toreach the notifier nodes and the other nodes with no special role. InFIGS. 2 and 3 are however shown the alive messages broadcasted from onlythe emitter node EN3 and the influence on the different messages by thefailures CD1 and CD2.

In connection with FIG. 2 and FIG. 3 the failures CD1 and CD2 arementioned. It is also mentioned that the failures concern theconnections and not the line itself. The described failure detectionmethod naturally also detects failures on the line, but then the timefor repair will be longer than what is shown in FIGS. 2 and 3.

The edge nodes have to observe and register the arrival of the failuredetection messages. One implementation possibility for this purpose ismaintaining tables to follow the arrival of the messages. These tablesare the basis for the failure handling messages, i.e. it is decidedbased on these tables if a new message has to be broadcasted.

The emitter nodes do not need to maintain any table.

The notifier nodes maintain a table for the registration of the alivemessages. Table 1 shows the alive message table in the notifier node EN2if the failure CD1 happens.

TABLE 1 Registration table for alive messages Alive message VLAN1 VLAN2VLAN3 The one before previous Arrived Arrived Arrived detection intervalPrevious detection Arrived Lost Arrived interval This detection intervalArrived Arrived Arrived

The edge nodes having no special role have to register the arrival ofthe alive messages and also the arrival of the failure messages.

Table 2 shows the table for failure messages maintained in the node EN4when the failure CD1 happens. The node receives the failure messages F1and F3 as shown in FIG. 2 d.

TABLE 2 Registration table for failure messages Failure message VLAN1VLAN2 VLAN3 The one before previous detection interval Previousdetection Arrived interval This detection interval

However the Table 2 is empty in the node EN4 when the failure CD2happens, which triggers the node EN4 to broadcast the failure message ofFIG. 3 c indicating the breakdown of the VLAN VLAN2.

In the FIGS. 7, 8 and 9 will be given examples on the implementation ofthe edge nodes.

FIG. 7 shows block diagrams over the emitter node EN3. In FIG. 7 a thenode has an interface 71 for upper layer traffic and an interface 72 forlower layer traffic. A traffic message block 73 is connected to thenetwork via the interfaces 71 and 72. A failure control block 74 isconnected to a clock 75, a broadcasting block 76 and a message selectingblock 77. The latter sends the traffic messages M1 to the trafficmessage block 73 in an alternative N1 and in an alternative Y1 it sendsfailure protocol messages such as F1 and R1 to the failure control block74. The emitter edge node's main task is to broadcast the alive messagesA1, A2 and A3 periodically from the broadcasting block 76. This isscheduled by the failure control block 74 based on the clock 75. As themessage selecting block 77 sends the traffic messages to the block 73the user traffic is not affected by the failure detection protocol. Thefailure control block 74 has another important task despite of its rolein the failure detection protocol: It controls the VLAN switching, i.e.it manages the handling of failure and repairment. In FIG. 7 b is shownan alternative which only describes the failure handling parts in theemitter node. The node lacks the traffic message block 73 and hasinterfaces 71 b and 72 b for upper and lower layer data units. The restof the blocks are the same as in FIG. 7 a.

FIG. 8 shows block diagrams over the notifier node EN2. FIG. 8 a showsthat, in the same way as the emitter node, the node EN2 has an interface81 for upper layer traffic and an interface 82 for lower layer traffic.A traffic message block 83 is connected to the network via theinterfaces 81 and 82. A failure control block 84 is connected to a clock85, a broadcasting block 86 and a message selecting block 87. The lattersends the traffic messages M1 to the traffic message block 83 in analternative N2 and in an alternative Y2 it sends failure protocolmessages such as F1 and R1 to the failure control block 84. The notifiernode EN2 also has a registration block 88 which contains theabovedescribed Table 1. The notifier node leaves the regular trafficunchanged. The notifier node does not broadcast the alive messages A1,A2 and A3 but follows the arrival of these messages with the aid of thetable 1, as described above. However the notifier node broadcasts fromthe broadcasting block 86 the failure messages F1, F3 or the repairedmessages R1, R2, R3 if a failure appears or disappears, respectively. Aswith the emitter node EN3 the failure control block 84 in the notifiernode EN2 controls the VLAN switching. In FIG. 8 b is shown analternative which only describes the failure handling parts in thenotifier node. The node lacks the traffic message block 83 and hasinterfaces 81 b and 82 b for upper and lower layer data units. The restof the blocks are the same as in FIG. 8 a.

FIG. 9 shows block diagrams over the node EN4 having no special role.This node takes action when the notifier nodes do not fulfil their rolein the failute handling. In FIG. 9 a is shown that, in the same way asthe notifier node, the node EN4 has an interface 91 for upper layertraffic and an interface 92 for lower layer traffic. A traffic messageblock 93 is connected to the network via the interfaces 91 and 92. Afailure control block 94 is connected to a clock 95, a broadcastingblock 96, a registration block 98 and a message selecting block 97. Thelatter sends the traffic messages M1 to the traffic message block 93 inan alternative N3 and in an alternative Y3 it sends failure protocolmessages such as F1 and R1 to the failure control block 94. The node EN4also has a registration block 98 which contains the two abovedescribedtables Table 1 and Table 2. The node EN4 leaves the regular trafficunchanged and does not broadcast the alive messages A1, A2 and A3. Itfollows the arrival of these messages with the aid of the tables Table 1and Table 2, as described above. However, when the notifier nodes do notfulfil their role the node having no special role broadcasts from thebroadcasting block 96 the failure messages F1, F3 or the repairedmessages R1, R2, R3 if a failure appears or disappears, respectively. Aswith the emitter node EN3 the failure control block 94 in the node EN4controls the VLAN switching. In FIG. 9 b is shown an alternative whichonly describes the failure handling parts in the node having no specialrole. The node lacks the traffic message block 93 and has interfaces 91b and 92 b for upper and lower layer data units. The rest of the blocksare the same as in FIG. 9 a.

In FIG. 4 is shown a flow chart over a first part of the failurehandling method described in connection with FIGS. 1, 2 and 3. Themethod starts with a step 41, in which the emitter nodes are pointedout, e.g. the node EN3 in the packet network NW1. In a step 42 thenotifier nodes are pointed out. In a step 43 the VLANs, VLAN1 to VLAN3,between the nodes are defined, which can be made with the aid of thespanning trees and the protocol MSTP as described above. The consecutivekeep alive periods KAP are determined in a step 44 and in a step 45 thedetection intervals DI within the keep alive periods are determined. Ina step 46 the alive messages A1, A2, A3 are repeatedly broadcasted onthe VLANs from the emitter nodes, irrespective if any of the VLANs isreported as failing.

In FIG. 5 is shown a second and main part of the failure handlingmethod. In the step 46 the alive messages are broadcasted repeatedly asmentioned. In a step 501 the edge nodes check the arrival of the alivemessages A1, A2, A3. In a next step 502 the nodes check if all the alivemessages arrive within one of the detection intervals DI. If so, in analternative Y1, the nodes check the next set of the alive messages. Ifany of the alive messages fail to arrive, an alternative N1, two thingscan happen.

In a first case, if it is a notifier node that notes the failing alivemessage A2, it broadcasts the failure messages F1 and F3 in a step 503.In a step 504 the notifier node checks the arrival of the alive messagesand in a step 505 the notifier node checks if all the alive messagesarrive within one of the detection intervals DI. If not so, analternative N2, the notifier node goes on checking the arrival of thealive messages in the step 504. In a step 505 the notifier node checksif all the alive messages arrive within one of the detection intervalsDI. If not so, an alternative N2, the node once more checks the arrivalof the alive messages in the step 504. If all the alive messages hasarrived, an alternative Y2, the notifier node broadcasts the repairedmessages R1, R2 and R3 in a step 506. The notifier node then returns tothe step 501 and checks the arrival of the alive messages A1, A2, A3.

In a second case, if it is a node that is neither emitter nore notifier,it checks the arrival of the failure messages F1, F3 in a step 507. Thischeck is performed in the keep alive period following the keep aliveperiod in which the missing alive message was noted. In a step 508, analternative Y3, the failure messages have arrived and the node returnsto the step 501 and checks the arrival of the alive messages A1, A2, A3.In the step 508, an alternative N3, the failure messages have notarrived and the edge node broadcasts the failure messages F1, F3 in astep 509. In a step 510 the node checks the arrival of the alivemessages and in a step 511 the node checks if all the alive messagesarrived within one of the detection intervals DI. If not so, analternative N4, the node returns to the step 510 checking the arrival ofthe alive messages. If all the alive messages has arrived, analternative Y4, the node broadcasts the repaired messages R1, R2 and R3in a step 512. The node then returns to step 501, checking the arrivalof the alive messages.

In FIG. 6 is shown a flow chart over a third part of the failurehandling method. The nodes receive the failure messages in a step 61,which happens after either the step 503 or the step 509. In a step 62the nodes stop transmitting the traffic messages on the failing VLANVLAN2, exemplified by the message M1. The nodes on the VLANs receive therepair messages in a step 63 after either the step 506 or the step 512and begin to transmit the traffic messages again in a step 64.

The above description of an embodiment of the invention involves anumber of steps which are not absolutely necessary all of them. Abroader embodiment of the invention involves the following steps.Pointing out emitter nodes in step 41, defining the VLAN:s without theaid of the spanning tree protocol in step 43, determining the detectiontime intervals in step 45, broadcasting the alive messages in step 46,listening for the alive messages in step 501, indicating failing alivemessage in a node in step 502, broadcasting failure message from theindicating node in step 503 or step 509.

There are reasons for involving also the other steps in the procedure.Pointing out some of the nodes as notifier nodes is not necessary butmakes the failure handling simple and fast. Also the determined keepalive periods makes the handling fast. If the notifier nodes are usedthe failure handling will be more robust if also the other nodes canbroadcast the failure messages in the situations when the notifier nodeswill miss a failure. After having broadcasted the failure message thefailure handling can advantageously be completed with the method steps504 to 506 or the steps 510 to 512 so that the traffic messages M1 canfirst be stopped and then, after the failure repair, be transmittedagain in the steps 62 to 64.

In FIGS. 1 a and 1 b is shown the network NW1 with four switch nodes andfour edge nodes and a bigger network is hinted. In a real case thenetworks are often much bigger with hundreds of nodes and more. It is tobe noted that not every one of these nodes must be involved in theVLAN:s. Some of the nodes may be of less importance and can be set asideto simplify the failure handling for the rest of the nodes. In theembodiment in FIGS. 1 a to 3 d the spanning trees ST1, ST2 and ST3 wereconfigured and then the VLAN:s were assigned to the spanning trees. Thespanning tree protocool MSTP offers a wellknown method but is notnecessary for configuring the VLAN:s. For e.g. smaller networks theVLANs can be configured case by case, keeping in mind that for anysingle failure at least one of the VLANs must be intact, connecting allthe nodes which are of interest in the network. The network above hastree structure and the method allows any such network without anyrestriction on the tree structure.

1. An arrangement in a tree-structured packet network for handlingfailures, said network having a plurality of interconnected edge nodesand switching nodes, wherein at least two different virtual local areanetworks (VLANs) each connect a predefined set of the nodes, saidarrangement comprising: a first portion of the edge nodes of the VLANsconfigured as emitter nodes, said emitter nodes including means forperiodically broadcasting alive messages to all of the nodes on thedifferent VLANs within a restricted time interval; and a second portionof the edge nodes of the VLANs configured as notifiers, said notifiersincluding: means for listening for the alive messages; means fordetermining that at least one of the alive messages failed to arrivewithin a periodically repeated detection time interval; and means forbroadcasting on the VLANs, a failure message for the VLAN associatedwith the missing alive message; wherein the plurality of edge nodesinclude means for noting consecutive keep-alive time periods, whereineach keep-alive time period includes one of the detection timeintervals; wherein the means within the emitter nodes for periodicallybroadcasting alive messages includes means for broadcasting the alivemessages at the beginning of the keep-alive time periods; and whereinthe means within the notifier nodes for broadcasting a failure messageincludes means for broadcasting the failure message within the samekeep-alive time period in which it is determined that at least one ofthe alive messages failed to arrive within a periodically repeateddetection time interval.
 2. An arrangement in a tree-structured packetnetwork for handling failures, said network having a plurality ofinterconnected edge nodes and switching nodes, wherein at least twodifferent virtual local area networks (VLANs) each connect a predefinedset of the nodes, said arrangement comprising: a first portion of theedge nodes of the VLANs configured as emitter nodes, said emitter nodesincluding means for periodically broadcasting alive messages to all ofthe nodes on the different VLANs within a restricted time interval; anda second portion of the edge nodes of the VLANs configured as notifiers,said notifiers including: means for listening for the alive messages;means for determining that at least one of the alive messages failed toarrive within a periodically repeated detection time interval; and meansfor broadcasting on the VLANs, a failure message for the VLAN associatedwith the missing alive message; wherein the means within the notifiersfor determining that at least one of the alive messages failed to arrivewithin a periodically repeated detection time interval includes meansfor determining that at least one of the alive messages failed to arrivewithin first and second periodically repeated detection time intervals;and wherein the broadcasting means within the notifiers includes meansfor broadcasting on the VLANs, a failure message for the VLAN associatedwith the missing alive message within a predefined keep-alive timeperiod after determining that the missing alive message failed to arrivewithin the second detection time interval.